There are so many different ways and articles out there on how to configure NTP in Windows and every time I had to look it up. So i decided to write my own article for my own reference for the setup in my lab so I don’t have to Google it myself next time 🙂
This article is for Windows 2008 R2. If you’re looking for Windows 2012, see this article…Â Are you looking how to configure NTP using GPO, please read my article on it here.
First, the basics. This is all you need if you want to keep it simple:
w32tm /config /manualpeerlist:pool.ntp.org,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
If the machine is a VM inside Hyper-V, you have to disable time sync. Open VM settings -> Management -> Integration Services and uncheck Time Synchronization. [Thanks Todd].
That should be it! Want to know more? Doesn’t work? Have you screwed up the config and want to start from the beginning? Keep on reading…
W32tm is the command to use. Sure, there are articles out there mentioning “net time”, but you should not use that. Some other also mentions editing the registry directly, but as Microsoft mentions in the article: It is recommended that you do not directly edit the registry unless there is no other alternative.
Which NTP-server to use? Or several?
The pool.ntp.org is a round-robin of random selected NTP servers. As they say “This is usually good enough for end-users“. But you might want to add several NTP-servers yourself for redundancy?
w32tm /config /manualpeerlist:"ntp1.sp.se ntp2.sp.se",0x8 /syncfromflags:MANUAL
Just keep adding them with a space in between them.
Don’t forget your firewall
If you got a firewall between your host and the Internet, it might drop udp/123 which is the NTP protocol. This is how it looked in my Cisco ASA FW:
So I created a rule to allow it and after that it worked.
More info and debug logging
The following commands are quite useful which lists the current source, when it last sync’ed etc.
w32tm /query /status
Eventually, when the server can’t get time from the NTP server it will add an event tto the event log:
Log Name: System
Source: Microsoft-Windows-Time-Service
Event ID: 47
Level: Warning
Description: Time Provider NtpClient: No valid response has been received from manually configured peer pool.ntp.org after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.
Otherwise, when it’s working, you will get:
Log Name: System
Source: Microsoft-Windows-Time-Service
Event ID: 35
Level: Information
Description: The time service is now synchronizing the system time with the time source pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->192.121.13.5:123).
You still getting problems? You can easily turn on debugging to a logfile which in this case is limited t0 10 MB and include ALL debug entries.
w32tm /debug /enable /file:C:\Temp\w32tmdebug.log /size:10485760 /entries:0-300
Turn it off again with:
w32tm /debug /disable
Expect a lot of info in this debug log. For me, when it worked, the following entries showed it was working:
– Reachability:Â peer pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->79.142.244.39:123) is reachable.
– Logging information: NtpClient is currently receiving valid time data from pool.ntp.org,0x8 (ntp.m|0x8|0.0.0.0:123->79.142.244.39:123).
But when I had my firewall blocking the packets, I would get the following. Don’t trust this too much though, since I did get this when I allowed it in the firewall also, but when it was blocked, I did not get the entries above.
– Logging error: NtpClient has been configured to acquire time from one or more time sources, however none of the sources are currently accessible and no attempt to contact a source will be made for 1 minutes. NTPCLIENT HAS NO SOURCE OF ACCURATE TIME.
Force a resync
If you want to force the client to resync, run:
C:\Windows\system32>w32tm /resync Sending resync command to local computer The command completed successfully.
If you get the following error, the computer can’t reach the NTP-server(s).
The computer did not resync because no time data was available.
Start from scratch
If you completely screwed up the config, you can always do the following command and it will completely erase and add a default W32time configuration:
net stop w32time w32tm /unregister w32tm /register
When doing the unregister I got the following error for some reason, but it seems like it worked anyway.
The following error occurred: Access is denied. (0x80070005)
Sometimes when doing the /register, I would get. This usually solved by waiting for a while. I would suggest you stop the service before doing /unregister. Otherwise, a reboot would probably solve most problems.
The following error occurred: The specified service has been marked for deletion. (0x80070430)
If you miss any important information, let me know and I’ll add it.
0x8 say what?
You might have noticed the 0x8 flag above. What does it mean? KB875424 mention:
0x01 - use special poll interval SpecialInterval 0x02 - UseAsFallbackOnly 0x04 - send request as SymmetricActive mode 0x08 - send request as Client mode
And the Directory Services Team mention some more reading here.
Hi,
Good article thanks. One thing to remember that has caught me off guard was that once the clock is more than 5hours(from memory, could be less) out of sync, forcing a resyncing via w32tm won’t work. You’ll have to manually set the time to something closer then force resync. Think virtual domain controller getting time from local host that is out of sync… not fun.
Yeah – had that problem too where local DCs get waaay out of time because different of reasons. I guess you get “The computer did not resync because the required time change was too big.”? There are ways to hack the registry so the computer doesn’t care about the huge difference. Like explained in this article, but I wouldn’t recommend it. I would rather fix the source to the problem.
I keep coming across systems where the PDC Emulator is 30 mins to 1 hour out of sync with the current time. However, I’m reluctant to just sync the time because of the potential issues in a live system with kerberos’ maximum of 5 minutes askew.
How can the w32tm service be configured to slowly converge the system time with the current time rather than just do a big jump? I’ve tried various changes including reducing Max[Pos,Neg,Allowed]PhaseOffset to 300 (5 minutes), but this stops the service from ever syncing.
This is a very helpful article. With one area missing that I’ll add.
If you’re running your NTP Server inside of a VM (Hyper-V), you’ll need to uncheck one crucial option. http://goo.gl/QigNC
Thanks a lot for that input. I’ll add that to the list!
Great Article!!
About: The following error occurred: Access is denied. (0×80070005)
I have noticed that it only shows up if you have System Manager started when running /unregister /register
Nice guide mate.
Just a comment on the “Which NTP-server to use? Or several?”. For each time server entry you need to specify the “SpecialPollInterval” setting.
E.g. “ntp.is.co.za,0x1 ntp2.is.co.za,0x1”
Where the values mean the following:
0x1 SpecialInterval
0x2 UseAsFallbackOnly
0x4 SymmetricActive
0x8 Client
See http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx for more details.
Once done, your event log should record two time service events. One for each NTP source.
Nice guide.
If you want more accurate sync than a few seconds you should not use w32time though: http://support.microsoft.com/kb/939322
Look for the windows port of ntpd as ntpd is the official NTP server/client software.
After not getting W32tm working correctly with external source on W2K3 AD, I just used http://www.meinberg.de/english/sw/ntp.htm & never looked back
sebus
Thanks for the great and simple guide. Helped me fix the time sync on a couple of 2008 R2 servers much faster than the MicroSoft instructions.
Keep it up!
Thanks s overy much for documenting this clearly !
BTW we found what looks like a typo “blocket”
regards Sean and Alan @team
I required our time sources between our storage devices, firewall and PDC to be synced, so now all devices get there time synced from the same source.
here is what worked for me on our 2008R2 Standard SP1 Server:
w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov /update /reliable:yes
I then did a query using: w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference – syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.3060097s
Root Dispersion: 7.7757678s
ReferenceId: 0x808A8DAC (source IP: 128.138.141.172)
Last Successful Sync Time: 12/22/2012 9:44:22 PM
Source: time.nist.gov
Poll Interval: 6 (64s)
all working well.
Guys if your company requires less than 1ms time sync precision, you can take a look at alternative software (also supports NTP) http://nts.softros.com . Very easy for deployment and almost zero-configure tool
Hi
Very good post. I came across this when trying to resolve a all ribbon bars disabled in SharePoint 2010 Central Admin on previously working farm. Anyway w32tm /resync on the (external) PDC failed with “The computer did not resync because no time data was available” . Ran 3 lines in the beginning of the post ( after disabling timer sync in vm settings) and then w32tm /resync and all good. Fingers crossed will reboot sp2010 server and see if the ribbon issue goes away.
Hello,
Will anyone tell me NTP command of synchronize time in windows server 2008.
Thanks,
Shashank saxena
So, you used UDP, instead of TCP?
Hi,
May I ask if this the same procedure in Windows Server 2016 Std?